WriteAndX chain offsets
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Aug 2 03:30:24 MDT 2010
On Sun, Aug 01, 2010 at 01:45:32PM +0200, samba.10.maazl at spamgourmet.com wrote:
> newer samba 3 builds have a different implementation of chain_reply
> that handles inconsistencies in the chain offsets differently. This
> seems to cause problems with LANMAN2 clients. In fact I could
> reproduce a crash of Thunderbird (on eCS) when deleting mails.
>
> After some tests I disabled one error check at chain_reply (process.c):
>
> already_used = PTR_DIFF(req->buf+req->buflen, smb_base(req->inbuf));
> if (chain_offset < already_used) {
> DEBUG(10, ("chain_reply: 3 - chain_offset=%i, already_used=%i,
> req->buflen=%i\n", chain_offset, already_used, req->buflen));
> // Do not fail to keep Thunderbird alive.
> // goto error;
> }
>
> This fixed the problem so far. However, it might have other
> drawbacks. So I seek for a more sophisticated solution.
>
> [tshark traces]
> Samba 3.2.5 (working)
> http://home.arcor.de/maazl/temp/tlog.tbird.3.2.5
> Frame 910/911
>
> Samba 3.5.4 (Thunderbird crash)
> http://home.arcor.de/maazl/temp/tlog.tbird.3.5.4
> Frame 833/834
>
> Obviously with samba 3.2.5 the offset in the reply (48) message is
> different from the request (60). I would not bet that the bug is not
> in the IBM Peer Requester, but at least it worked with the older
> samba.
Can you also send a debug level 10 log of both the failure
and the success with the patched 3.5.4? Those packets look
really, really strange.
Volker
More information about the samba-technical
mailing list